IN THE CLAIMS 



1 . (Currently Amended) In a distributed network having a number of server 
computers and associated client devices, method of isolating infected client devices from 
uninfected client devices and of inoculating the infected devices , comprising: 

correlating network related virus infection reports of virus attacks information ; 

when a specific number of reports have been correlated, determining if a virus outbreak 
has occurred based on the correlated information wherein an outbreak has occurred when the 
number of occurrences of a specific virus has surpassed a threshold ; 

isolating infected client devices from uninfected client devices when the virus outbreak is 
confirmed; 

a controller signaling a virus monitor to switch to inline mode where all data packets are 
checked for the virus and related viruses without copying of the data packets; 
monitoring all data packets in the network for the virus; 
identifying the virus a packet type associated with tho virus; and 
blocking only the identified packet s infected by the particular virus type 
creating an anti- virus agent, wherein creating an anti- virus agent further includes: 

parsing the virus into Da detection module that identifies a selected one of the 
client devices as a target client device, 2) an infection module that causes the virus to infect the 
target client device not infected by the selected virus, and 3) a viral code payload module that 
infects the targeted client device; 

analyzing the infection module to determine the method of infection and the anti- 
viral payload module to determine the deleterious effects; 
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modifying the infection module to infect client devices already infected by the 

vims; 

incorporating the anti- virus into the payload module that acts to prevent further 
infection by the virus; and 

forming an anti-computer virus agent by combining the detection module, the 
modified infection module and the modified viral payload module . 



2. (Canceled) 



3. (Previously Presented) A method as recited in claim 2, further 
comprising: 

forwarding to a virus analyzer unit coupled to the network computer virus 
sensor only those data packets deemed to be infected by the identified computer 
virus or computer worm. 



4. (Previously Presented) A method as recited in claim 3, wherein in 
the first mode, copying by the traffic controller substantially all data packets 
included in the network traffic; and 

forwarding the copied data packets to the virus analyzer unit. 



5. (Previously Presented) A method as recited in claim 4, comprising: 
forwarding the copied data packet to a packet protocol determinator; and 
determining the packet protocol of the copied data packet. 
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6. (Previously Presented) A method as recited in claim 5, further 
comprising: 

receiving at a trash collector those copied data packets determined to be of a 
first set of one or more specific protocols; and 

receiving and analyzing those copied data packets determined to be of one or 
more specific protocol at a filescan unit. 

7. (Previously Presented) A method as recited in claim 6, further 
comprising: 

determining by a virus analyzer unit if those copied data packets received at 
the filescan unit are infected by the detected computer virus or computer worm; 

forwarding those packets determined not to be infected to the trash collector; 

analyzing the infected copied data packets; and 

generating a virus report based upon the analysis. 
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8. (Currently Amended) In a distributed network having a number of server 

computers and associated client devices, computer program product for isolating infected client 
devices from uninfected client devices and of inoculating the infected devices , comprising: 

computer code for correlating network related virus infection reports of vims attacks 
information ; 

when a specific number of reports have been correlated, computer code for determining 
if a virus outbreak has occurred based on the correlated information wherein an outbreak has 
occurred when the number of occurrences of a specific virus has surpassed a threshold ; 

computer code for isolating infected client devices from uninfected client devices when 
the virus outbreak is confirmed; 

computer code for a controller signaling a virus monitor to switch to inline mode where 
all data packets are checked for the virus and related viruses without copying of the data packets; 

computer code for monitoring all data packets in the network for the virus; 

computer code for identifying the vims a packet type associated with the vims; and 

computer code for blocking only the identified packet s infected by the particular vims 

type 

computer code for creating an anti-vims agent, wherein creating an anti-vims agent 
further includes: 

parsing the vims into 1) a detection module that identifies a selected one of the 
client devices as a target client device, 2) an infection module that causes the vims to infect the 
target client device not infected by the selected vims, and 3) a viral code payload module that 
infects the targeted client device; 

analyzing the infection module to determine the method of infection and the anti- 
viral payload module to determine the deleterious effects; 
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modifying the infection module to infect client devices already infected by the 

vims; 

incorporating the anti- virus into the payload module that acts to prevent further 
infection by the virus; and 

forming an anti-computer virus agent by combining the detection module, the 
modified infection module and the modified viral payload module ; 
computer readable medium for storing the code. 



9. (Canceled) 



10. (Previously Presented) Computer program product as recited in 
claim 9, further comprising: 

computer code for forwarding to a virus analyzer unit coupled to the network 
computer virus/worm sensor only those data packets deemed to be infected by the 
identified computer virus or computer worm are. 



11. (Previously Presented) Computer program product as recited in 
claim 10, wherein in the first mode, copying by the traffic controller 
substantially all data packets included in the network traffic; and 
computer code for forwarding the copied data packets to the virus analyzer 

unit. 

12. (Previously Presented) Computer program product as recited in 
claim 11, comprising: 

computer code for forwarding the copied data packet to a packet protocol 
determinator; and 
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computer code for determining the packet protocol of the copied data packet. 

13. (Previously Presented) Computer program product as recited in 
claim 12, further comprising: 

computer code for receiving at a trash collector those copied data packets 
determined to be of a first set of one or more specific protocols; and 

computer code for receiving and analyzing those copied data packets 
determined to be of a second set of one or more specific protocols at a filescan 
unit. 

14. (Previously Presented) Computer program product as recited in 
claim 13, further comprising: 

computer code for determining by a virus analyzer unit if those copied data 
packets received at the filescan unit are infected by the detected computer virus or 
computer worm; 

computer code for forwarding those packets determined not to be infected to 
the trash collector; 

computer code for analyzing the infected copied data packets; and 
computer code for generating a virus report based upon the analysis. 
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